[SpamCop-List] Re: Why won't this work?
John E. Malmberg
wb8tyw at qsl.network
Sat Dec 11 11:05:15 EST 2004
> Well I understand the replies. My problem is that I am running our of
> available "blocks". I use Yahoo and there are only 200 blocks available. I
> am rapidly filling them up.
It is easy to find examples of spam blocking and filtering that do not work.
It is also easy to find examples of spam blocking and filtering that do
Unfortunately the ones that do not work well are the most popular for
the following reasons:
1. The ones that work are free, or low cost, so they do not buy
advertising in the trade press, or put products on the shelf at the
2. The ones that work give instant feedback to real senders if their
message was blocked by mistake. This makes any errors visible. When a
real message is blocked by a service that tags or quarantines spam, in
most cases neither the sender or the recipient knows.
3. Most of ones that work do not allow per-user's exemption or setting,
and if they are working properly they do not need it. Having a per-user
customization generally indicates an acknowledgment that the filter
method is too flawed to be trusted.
4. The ones that work require that the sending ISP fix the problem for
their users to send e-mail. This is considered unfair by some because
it punishes the ISP's customer.
Back when spamcop.net evidence was more readily available, in the cases
I looked up from complaints in this forum generally showed that that the
ISP's that told their customers that they did not know why the block was
in place had been receiving reports for about 1 week before the
threshold got high enough to cause a block.
The network staff that I used to work with would be embarrassed if it
took them more than 2 minutes to isolate a problem system on the
network, and that was with out automatic systems.
> My blocking spam is no incentive for an ISP that hosts a spammer to stop the
That is because the service you mentioned is apparently not blocking
spam. They are apparently accepting it, and either tagging it or
blackholing it it. Neither provides any feedback to spam supporting
networks. Both allow spam supporting networks to mix spam and real
e-mail from the same mail servers.
Reporting your spam through spamcop.net causes many mail servers to
consider not accepting spam from that I.P. address.
Also please go read the FAQ http://www.spews.org.
> I would think that many US based ISP would be interested in blocking the
> 60 - 80% of the traffic that is spam. We are rapidly approaching the point
> where people will stop using email because of all the crap coming from the
They are not because apparently the people that are paying attention to
the profit and loss at the ISP are not looking at a line item for how
much it is costing them.
If they did, they would use effective spam blocking.
However they have a small but vocal customer base that thinks that all
spam blocking is evil because of the small risk it could block a real
message by mistake.
What these vocal customers and these ISPs do not realize is that
statistically by allowing the spam into the mail server to begin with,
they are increasing the chances that real e-mail will get silently lost.
For mail servers that refuse e-mail from spam and virus sources, I see
only a small number of users asking questions about why a block was in
place so a message was refused, and that issue gets a quick answer.
From the mail servers that try to sort spam by content and individual
preferences, I see lots of reports of servers being unexpectedly down,
and mail being lost.
> If a foreign spammer ISP isn't interested enough to shut down the spammer
> then shut 100% of all email for a week or 2 or more on repeated violations.
My main postmasters will not remove the block until given a reason by
one of their customers, and it does not take two violations to get on
that block. For some countries, 1 spam report gets at least a /24 (256
addresses in layman's terms) blocked.
> from all domains from that ISP. The legit customers would complain and
> probably start switching ISP. If enough customers switched that would be the
> incentive for the ISP to actually shut down / off the spammers.
There are ISPs that do that. AOL.COM is one that will put in a domain
wide block from an ISP that allows spam. That is known because it was
in the media. The blocked ISP complained for 48 hours that it was
unreasonable and impractical for them to solve the problem. After about
72 hours of the block, the blocked ISP discovered that it was practical
to fix the problem and did so.
> Oh well thanks for replies.
The issue is not that it can not be done, it is that your ISP either
does not understand how much extra it is costing them to accept spam
from known spam sources, or they do not care as long as they can pass
the added cost on to their customers.
And it may be that their customers are not aware of how much of their
ISP bill is going to pay for the costs incurred for allowing spam into
the mail server, and how much less reliable it makes the mail server.
In the "LOUNGE" section of the web forum for spamcop.net, there is a
pinned topic on the "cost of spam".
What you need to do is learn about the costs of spam, and get the other
users of your ISP aware.
One of the key things missing from the U.S. CAN-SPAM law is some
incentive to punish an ISP that is either knowingly allowing a spammer
to violate the CAN-SPAM law, or by their inaction is allowing spammers
to route through an insecure system on their network.
A full service ISP should be able to shut down the spew from a
compromised computer in far less than one hour. The worst case for
other networks should be one business day.
If you are in the U.S. call your congress person on the phone and ask
them why those provisions are not present. Get all your friends and
neighbors to also call.
Using the phone ties up their staffers, so they have to pay more
attention. E-mails and letters can sit in a queue ignored until a
bed-bug response is sent.
wb8tyw at qsl.network
Personal Opinion Only
More information about the SpamCop-List